Sample viewer

vx.netlux.org/Virus.DOS.Hero.506

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:02.276629018Z	255	PC: 12a72 \| UNKNOWN!
2018-12-17T23:03:02.277887373Z	53	PC: 12a7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:02.281402608Z	37	PC: 12aa2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:02.282862921Z	42	PC: 12aa9 \| Get date 0x12aa9: cmp dl, 1 0x12aac: jne 0x12ac1 0x12aae: mov ah, 9 0x12ab0: mov dx, 0x28b 0x12ab3: add si, dx 0x12ab5: mov cx, 0x19 0x12ab8: add byte ptr [si], cl 0x12aba: not byte ptr [si] 0x12abc: inc si 0x12abd: loop 0x12ab8 0x12abf: int 0x21 0x12ac1: pop si 0x12ac2: cmp word ptr [si + 0x283], 0x100 0x12ac8: jne 0x12ad8 0x12aca: mov ax, word ptr [si + 0x287] 0x12ace: mov word ptr [0x100], ax 0x12ad1: mov ax, word ptr [si + 0x289] 0x12ad5: mov word ptr [0x102], ax 0x12ad8: pop es 0x12ad9: pop ds
2018-12-17T23:03:02.285393726Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:38.635162258Z	255	PC: 12a72 \| UNKNOWN!
2018-12-25T12:40:38.636294255Z	53	PC: 12a7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:38.638904472Z	37	PC: 12aa2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:38.645261558Z	42	PC: 12aa9 \| Get date 0x12aa9: cmp dl, 1 0x12aac: jne 0x12ac1 0x12aae: mov ah, 9 0x12ab0: mov dx, 0x28b 0x12ab3: add si, dx 0x12ab5: mov cx, 0x19 0x12ab8: add byte ptr [si], cl 0x12aba: not byte ptr [si] 0x12abc: inc si 0x12abd: loop 0x12ab8 0x12abf: int 0x21 0x12ac1: pop si 0x12ac2: cmp word ptr [si + 0x283], 0x100 0x12ac8: jne 0x12ad8 0x12aca: mov ax, word ptr [si + 0x287] 0x12ace: mov word ptr [0x100], ax 0x12ad1: mov ax, word ptr [si + 0x289] 0x12ad5: mov word ptr [0x102], ax 0x12ad8: pop es 0x12ad9: pop ds
2018-12-25T12:40:38.648352234Z	9	PC: 12ac1 \| Display string (String= 'U�]�j�j�n��n�n�e�i�Z�o��')
2018-12-25T12:40:38.654405757Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:38.674735132Z	255	PC: 12a72 \| UNKNOWN!
2018-12-25T12:40:38.676270696Z	53	PC: 12a7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:38.677406033Z	37	PC: 12aa2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:38.678524698Z	42	PC: 12aa9 \| Get date 0x12aa9: cmp dl, 1 0x12aac: jne 0x12ac1 0x12aae: mov ah, 9 0x12ab0: mov dx, 0x28b 0x12ab3: add si, dx 0x12ab5: mov cx, 0x19 0x12ab8: add byte ptr [si], cl 0x12aba: not byte ptr [si] 0x12abc: inc si 0x12abd: loop 0x12ab8 0x12abf: int 0x21 0x12ac1: pop si 0x12ac2: cmp word ptr [si + 0x283], 0x100 0x12ac8: jne 0x12ad8 0x12aca: mov ax, word ptr [si + 0x287] 0x12ace: mov word ptr [0x100], ax 0x12ad1: mov ax, word ptr [si + 0x289] 0x12ad5: mov word ptr [0x102], ax 0x12ad8: pop es 0x12ad9: pop ds
2018-12-25T12:40:38.681769249Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:39.258898162Z	255	PC: 12a72 \| UNKNOWN!
2018-12-25T12:40:39.260121516Z	53	PC: 12a7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:39.261146428Z	37	PC: 12aa2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:39.262011385Z	42	PC: 12aa9 \| Get date 0x12aa9: cmp dl, 1 0x12aac: jne 0x12ac1 0x12aae: mov ah, 9 0x12ab0: mov dx, 0x28b 0x12ab3: add si, dx 0x12ab5: mov cx, 0x19 0x12ab8: add byte ptr [si], cl 0x12aba: not byte ptr [si] 0x12abc: inc si 0x12abd: loop 0x12ab8 0x12abf: int 0x21 0x12ac1: pop si 0x12ac2: cmp word ptr [si + 0x283], 0x100 0x12ac8: jne 0x12ad8 0x12aca: mov ax, word ptr [si + 0x287] 0x12ace: mov word ptr [0x100], ax 0x12ad1: mov ax, word ptr [si + 0x289] 0x12ad5: mov word ptr [0x102], ax 0x12ad8: pop es 0x12ad9: pop ds
2018-12-25T12:40:39.265323473Z	9	PC: 12ac1 \| Display string (String= 'U�]�j�j�n��n�n�e�i�Z�o��')
2018-12-25T12:40:39.271021059Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:39.370123255Z	255	PC: 12a72 \| UNKNOWN!
2018-12-25T12:40:39.372764487Z	53	PC: 12a7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:39.374871197Z	37	PC: 12aa2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:39.376856308Z	42	PC: 12aa9 \| Get date 0x12aa9: cmp dl, 1 0x12aac: jne 0x12ac1 0x12aae: mov ah, 9 0x12ab0: mov dx, 0x28b 0x12ab3: add si, dx 0x12ab5: mov cx, 0x19 0x12ab8: add byte ptr [si], cl 0x12aba: not byte ptr [si] 0x12abc: inc si 0x12abd: loop 0x12ab8 0x12abf: int 0x21 0x12ac1: pop si 0x12ac2: cmp word ptr [si + 0x283], 0x100 0x12ac8: jne 0x12ad8 0x12aca: mov ax, word ptr [si + 0x287] 0x12ace: mov word ptr [0x100], ax 0x12ad1: mov ax, word ptr [si + 0x289] 0x12ad5: mov word ptr [0x102], ax 0x12ad8: pop es 0x12ad9: pop ds
2018-12-25T12:40:39.380401375Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')